NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

misc/54020: three patches for ipsec-tools

>Number:         54020
>Category:       misc
>Synopsis:       three patches for ipsec-tools
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 26 21:40:00 +0000 2019
>Originator:     Maciej S. Szmigiero
I am attaching three patches for ipsec-tools (crypto/dist/ipsec-tools),
since NetBSD is now this package's upstream.

The first one fixes freeing uninitialized pointer in binbuf_pubkey2rsa()
on error path.

If we take the first error path (the one where the decoded string doesn't
make sense) in binbuf_pubkey2rsa() we call BN_free() on "exp" so we have
to make sure that we NULL-initialize it.

The second one fixes ipsec-tools Linux build, a configuration that some
of recent code changes have broken.

The third one makes racoon use CLOCK_BOOTTIME for measuring time, if
this clock is available.

The difference between CLOCK_BOOTTIME and CLOCK_MONOTONIC is that
CLOCK_MONOTONIC stops when the machine is sleeping.

Linux kernel uses CLOCK_BOOTTIME for measuring things like SA expiry times.
We should do likewise, so we don't get a different view than the kernel and
our peers when exactly our SAs expire when the machine gets suspended and
then resumed.


The three patches are available at:

Home | Main Index | Thread Index | Old Index